[jboss-user] [JBoss Portal] - Best practice: secure direct web app access
do-not-reply at jboss.com
Thu Mar 20 05:22:51 EDT 2008
I'd like to know how I secure the access to a web app that runs as a portlet. I have the portlet secured by a <security-constraint> in the *-object.xml, but if I call http(s)://server:port/my-web-app-context-root/folder-in-war/resource I get the content delivered without being logged in.
Now, if I configured a <security-constraint> in my web.xml (with the same user role and security-domain as for the portlet) JBoss asks for a username and password (BASIC-auth). That's quite good, but it asks for username and password for the portlet, too - even if I logged in.
What are the best practices for that?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137977#4137977
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4137977
More information about the jboss-user